Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 30 October 2007.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1, 2, 4-17, 19-27, 29-35, 38-41, 43-50, 52-58, 60 and 61 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1, 2, 4-17, 19-27, 29-35, 38-41, 43-50, 52-58, 60 and 61 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) L~H The specification is objected to by the Examiner. 

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
Continued Examination Under 37 CFR 1.114

1. A request for continued examination under 37 CFR 1.114, including the
fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.
Since this application is eligible for continued examination under 37 CFR
1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality
of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.
Applicant's submission filed on October 30, 2007 has been entered.

Response to Amendment 

2. The amendment filed on October 30, 2007 has been fully considered but
is moot in view of the new grounds of rejection.

• 1-2, 4-17, 19-27, 29-35, 38-41, 43-50, 52-58 and 60-61 are presented 
for examination 

Note: For technical reasons the Examiner did not have the chance to consider 
the submitted artifact. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in 
this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
international application by another who has fulfilled the requirements of paragraphs (1), 
(2), and (4) of section 371(c) of this title before the invention thereof by the applicant for
patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors
Protection Act of 1999 (AIPA) and the Intellectual Property and High Technology
Technical Amendments Act of 2002 do not apply when the reference is a U.S.
patent resulting directly or indirectly from an international application filed
before November 29, 2000. Therefore, the prior art date of the reference is
determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA
(pre-AIPA 35 U.S.C. 102(e)).

Claims 1-2, 4-17, 19-27, 29-35, 38-41, 43-46, 48-50, 52-55, 57-58, and 
60-61 are rejected under 35 U.S.C. 102(e) as being anticipated by Swift et al 
US Patent Number (7,113,994), hereinafter "Swift".

The applied reference has a common assignee or inventor with the 
instant application. Based upon the earlier effective U.S. filing date of the 
reference, it constitutes prior art under 35 U.S.C. 102(e). This rejection under 
35 U.S.C. 102(e) might be overcome either by a showing under 37 CFR 1.132 
that any invention disclosed but not claimed in the reference was derived from 
the inventor of this application and is thus not the invention "by another," or 
by an appropriate showing under 37 CFR 1.131. 

As per claim 1, Swift teaches a method for constraining delegation by a client
to a server (abstract and fig. 2), comprising:

a client obtaining a service credential to access a server from a trusted 
third party (col. 5, lines 4-20); authorizing the server to access one or more 
services on behalf of the client by one of: causing the service credential to 
specify that delegation of the service credential from the client to the server is 
authorized; and causing the trusted third party to maintain an indication that 
the delegation of the service credential from the client to the server is 
authorized (col. 5, lines 4-40 and fig. 2, items 84,82 and 90); the client 
receiving the service credential from the trusted third party (col. 5, lines 4-40);
the client providing the service credential to the server, the client requesting 
access to a resource through the server, the server identifying for the client 
that the resource is provided by a target service that does not reside on the 
server (col. 4, lines 21-55); the server itself requesting a new service credential 
to access the target service on behalf of the client from a trusted third-party
(fig. Trusted security server) the client withholding from the server a client's 
authentication credentials and capability to use the client's authentication 
credentials (col. 5, lines 4-13); the server providing the trusted third-party with 
a credential authenticating the server, and information about the target 
service; and causing the trusted third-party to provide the new service 
credential that authorizes the server to access the target service on behalf of 
the client without participation by the client (col. 5, lines 4-52) when one of: 
the service credential specifies that delegation of the service credential to 
access the target service is authorized; and the trusted third-party maintains 
an indication that the delegation of the service credential to access the target 
service is authorized (col. 2, lines 16-43 and col. 8, lines 10-44). 

As per claims 12, 16, 26, 31, 38, 40, 49, 58 and 61, Swift teaches the invention as
explained in claim 1 (see also figures 1-4 and col. 4, lines 4-55). These claims 
include variations of similar limitations addressed in claim 1 above; therefore 
they are rejected with the same rationale. 

In referring to claim 2, 17, 27, 32 and 39, 

• The trusted third-party includes at least one service selected from a group of
services comprising a key distribution center (KDC) service, a certificate
granting authority service, and a domain controller service: see Figures 8
and 9 and (col. 5, lines 35-55).

In referring to claims 6 and 8,

• Causing the trusted third-party to verify that the client has authorized
delegation (Col. 5, lines 4-44 and fig. 3, item 106).

In referring to claims 7 and 22,

• The trusted third-party includes a key distribution center (KDC):
See Figures 8 and 9 and (col. 5, lines 35-55), causing the trusted
third-party to verify that the client has authorized delegation includes verifying
the status of forwardable flag value as set by the client (see fig. 3 and Col.
10, lines 1-36)

In referring to claims 9, 23, and 34,

• The server is a front-end server with respect to a back-end server that is 
coupled to the front-end server: The proxy is a front-end server with 
respect to the client 

• The back-end server is configured to provide the target service to which 
access is sought. The target service is a back-end server with respect to the
client (see fig. 2) 

In referring to claims 10 and 24, 

• The trusted third-party includes a key distribution center (KDC): See
Figures 8 and 9 and (col. 5, lines 35-55), The KDC provides a ticket-
granting-ticket associated with the client to the client; and the client does
not provide the ticket granting ticket to the server (see Figures 8 and 9 and col.
5, lines 35-55).

In referring to claims 11 and 25,

• The trusted third-party includes a key distribution center (KDC): See
Figures 8-9 and (col. 5, lines 35-55), The server requests the new credential
in a ticket granting service request message that includes a service ticket
provided by the client to the server (col. 5, lines 4-55).

In referring to claims 13, 14, and 15, 

The implementation-specific identity information includes information 
selected from a group comprising privilege attribute certificate (PAC) 
information, security identifier information, Unix identifier information, 
Passport identifier information, certificate information: The system of Swift 
contains security identifier information (col. 5, lines 4-55). 

In referring to claims 9, 20, 29-30, 33, 35 and 61, Swift teaches wherein the
service credential is configured for use by the server and the target service 
and wherein the credential authenticating the server includes a ticket 
granting ticket associated with the server (see fig. 2; Figures 8 and 9 and col. 
5, lines 35-55). 

Claims 41-46, 48 and 50-55, 57 include similar limitations addressed in claims
2, 4-11 and 17, 19-25. Therefore, they are rejected with the same rationale.



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

Claims 47 and 56 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Swift in view of Freier et al. ("The SSL Protocol Version 3.0", 18 Nov 1996, 
hereinafter "Freier"). Although Swift shows substantial features of the 
claimed invention, Swift does not show using SSL as the first authentication 
method. Nonetheless this feature is well known in the art and would have 
been an obvious modification to the system disclosed by Swift as evidenced 
by Freier. 



Application/Control Number: 09/886,146 Page 7 

Art Unit: 2456 

In analogous art, Freier discloses SSL version 3.0. Freier shows SSL can be 
used to provide communication privacy over the Internet (abstract). 

Given these teachings, a person of ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying the system of Swift 
so as to use SSL, such as taught by Freier, in order to provide security for 
applications that don't support Kerberos authentication (For example, 
Outlook and Netscape email clients). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent 
to applicant's disclosure. 

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Yasin Barqadle whose telephone 
number is 571-272-3947. The examiner can normally be reached on 9:00 AM 
to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Bunjob Jaroenchonwanit can be reached on 571-272- 
3913. The fax phone number for the organization where this application or 
proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained
from the Patent Application Information Retrieval (PAIR) system. Status 
information for published applications may be obtained from either Private 
PAIR or Public PAIR. Status information for unpublished applications is 
available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access
to the Private PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer 
Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Yasin M Barqadle/ 

Primary Examiner, Art Unit 2456 



